我需要创建一个具有路由的 API,该路由能够识别当前用户是否是请求中指示的用户(而且任何身份验证都不应有效)
对于其他路径,我遵循https://fastapi.tiangolo.com/tutorial/security/oauth2-jwt/,一切都可以与带有 JWT 令牌的 Bearer 一起使用,如下所示
user: User = Depends(get_current_active_user)
修改我尝试过的文档提供的方法
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="auth")
async def get_user_or_none(db: Session = Depends(get_db), token: str = Depends(oauth2_scheme)):
"""
Return the current active user if is present (using the token Bearer) or None
"""
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
username: str = payload.get("sub")
if username is None:
return None
except JWTError:
return None
# check user in db
user = crud.get_user(db, username)
if user is None:
return None
return user
@router.get("/api/{user_id}/structure")
async def get_user_structure(
user_id: int,
user = Depends(get_user_or_none),
db: Session = Depends(get_db)
):
# do_something() if user.id == user_id else do_something_else()
但我收到一个错误
401 Error: Unauthorized {
"detail": "Not authenticated"
}
avi*_*avi 20
您需要OAuth2PasswordBearer对这些可选的身份验证端点使用不同的auto_error=False,例如
optional_oauth2_scheme = OAuth2PasswordBearer(tokenUrl="auth", auto_error=False)
async def get_user_or_none(db: Session = Depends(get_db), token: str | None = Depends(optional_oauth2_scheme)):
...
None现在,当Authorization未提供标头时,令牌将出现,从而导致您想要的行为。
| 归档时间: |
|
| 查看次数: |
4688 次 |
| 最近记录: |